From 47a0230f28b5b4b1ce6ffcf2fc815759e56452b5 Mon Sep 17 00:00:00 2001
From: obrien
Date: Tue, 13 Dec 2011 17:59:16 +0000
Subject: [PATCH] Disallow various debug.kdb sysctl's when securelevel is raised.
PR: 161350
---
 sys/kern/kern_shutdown.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/sys/kern/kern_shutdown.c b/sys/kern/kern_shutdown.c
index 90a74b8b1e0d..2ef4e13bf05d 100644
--- a/sys/kern/kern_shutdown.c
+++ b/sys/kern/kern_shutdown.c
@@ -102,8 +102,9 @@ int debugger_on_panic = 0;
 #else
 int debugger_on_panic = 1;
 #endif
-SYSCTL_INT(_debug, OID_AUTO, debugger_on_panic, CTLFLAG_RW | CTLFLAG_TUN,
- &debugger_on_panic, 0, "Run debugger on kernel panic");
+SYSCTL_INT(_debug, OID_AUTO, debugger_on_panic,
+ CTLFLAG_RW | CTLFLAG_SECURE | CTLFLAG_TUN, &debugger_on_panic, 0,
+ "Run debugger on kernel panic");
 TUNABLE_INT("debug.debugger_on_panic", &debugger_on_panic);
 #ifdef KDB_TRACE
@@ -111,8 +112,9 @@ static int trace_on_panic = 1;
 #else
 static int trace_on_panic = 0;
 #endif
-SYSCTL_INT(_debug, OID_AUTO, trace_on_panic, CTLFLAG_RW | CTLFLAG_TUN,
- &trace_on_panic, 0, "Print stack trace on kernel panic");
+SYSCTL_INT(_debug, OID_AUTO, trace_on_panic,
+ CTLFLAG_RW | CTLFLAG_SECURE | CTLFLAG_TUN, &trace_on_panic, 0,
+ "Print stack trace on kernel panic");
 TUNABLE_INT("debug.trace_on_panic", &trace_on_panic);
 #endif /* KDB */
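Review bot: Neither `SYSCTL_INT` declaration documents why `CTLFLAG_SECURE` was added or what it leaves open, which matters to anyone relying on securelevel to keep the panic-time debugger settings fixed. The flag rejects runtime writes to `debug.debugger_on_panic` once securelevel is above 0, but `CTLFLAG_TUN` and the `TUNABLE_INT` line kept next to it still let the loader environment choose the boot-time value, presumably on purpose. I would add above the first declaration `/* CTLFLAG_SECURE: not writable once securelevel > 0; the boot-time tunable is unaffected. */`, and the same comment applies to `debug.trace_on_panic` in the second hunk. Both declarations appear to sit inside an `#ifdef KDB` region that opens before the first hunk.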